Security fixes are provided for the latest published version of QuietMask.
| Version | Supported |
|---|---|
| Latest release | Yes |
| Older releases | No |
Please do not disclose an unpatched vulnerability in a public issue.
Use GitHub Private Vulnerability Reporting when it is available for this repository. Include:
- the affected QuietMask version and Chromium version;
- the operating system;
- the affected website or a minimal local test page;
- clear reproduction steps;
- the expected and observed behavior;
- the potential privacy or security impact;
- a proof of concept, if one can be shared safely.
If private vulnerability reporting is unavailable, open a public issue requesting a private contact channel without including exploit details.
Examples of findings that should be reported privately include:
- a website bypassing or changing QuietMask settings without user interaction;
- exposure of the installation seed or cross-site correlation identifiers;
- unexpected network transmission or remote code execution;
- a whitelist rule affecting unrelated domains;
- a page escaping the intended isolation boundary;
- a reproducible inconsistency that exposes a user's original protected value;
- a permission or diagnostics path that grants broader access than documented.
General compatibility problems without a security impact may be reported through the public issue tracker.
The maintainer will acknowledge a complete report, assess its impact, and coordinate a fix before public disclosure when appropriate. Please allow reasonable time for investigation and release preparation.
Thank you for helping improve QuietMask.